Key Management and Encryption in VMware-Based Clouds

VMware is without a doubt a major platform for private as well as public cloud deployments. But as in any other cloud-based system, data security, and more specifically cloud encryption and key management are fundamental building blocks.

Cloud key management and encryption requirements

We have found that external users have many of the same security requirements whether the cloud is public or private: from an external user’s point of view, the differences between public and private clouds are technical details, and the user expects the same guarantees from the provider.

In particular, users expect to own their data. In a business context, a user is often another business. These businesses want to know that they are enjoying the benefits of the provided service, but that the provider cannot read their data.

As a consequence, cloud infrastructure must provide the ability to encrypt sensitive data and to keep the encryption keys under the control of the user. In public deployments this appears as a requirement to control the keys that encrypt disks. In private deployments it appears as a requirement to control the keys used by the software solution: each user wants separate keys, so that neither other users nor the solution provider can read that user’s data. Such solutions are beginning to emerge, for example split-key encryption and homomorphic key management.

Public cloud deployments

Public providers often want to “chop” a large storage array into chunks that customers can use. Virtualization technology is a natural fit here, but the challenge is to encrypt each “chunk” with a different key, so that customers remain in control.

A natural solution here has emerged from Porticor: Virtual Appliances are deployed on the same VMware-based infrastructure that the provider has chosen. These appliances consume a LUN or VMFS and re-expose it as a new LUN or VMFS, this time encrypted with keys that are specific to a customer. (For further details, read the Porticor white paper.)


The Porticor solution leverages the same flexibility to carve up storage and compute that the VMware cloud infrastructure already provides, and adds encryption and key management as a natural layer on top of it.

Private cloud deployments

Private providers often have a specific software solution in mind. Here Porticor’s ability to issue unique “tokens” for users, groups or roles, together with an API that integrates with the provider’s identity and access management solution, allows individual and group identities to be maintained at the encryption layer.

Providers can offer full multi-tenancy, yet guarantee that each user’s data is encrypted with a key that only that user knows. The provider’s employees operate the service, yet cannot read the data.
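The requirement stated earlier (each customer’s data protected by a key the provider cannot recover on its own) and the multi-tenancy guarantee above can be illustrated with a split-key scheme. The Go program below is an added example written for this article; it is not Porticor’s code and does not describe Porticor’s actual protocol. It assumes a simple XOR split of a per-tenant AES-256 data key into a customer share and a provider share (the names `splitKey`, `joinKey`, `encrypt` and `decrypt` are the example’s own): the provider’s storage layer keeps only its share and the ciphertext, and decryption is possible only while the customer presents the other share.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// randomBytes returns n bytes from the OS CSPRNG.
func randomBytes(n int) ([]byte, error) {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		return nil, err
	}
	return b, nil
}

// splitKey splits a per-tenant data key into two shares with a one-time-pad
// style XOR: providerShare is uniformly random, so either share alone carries
// no information about the key. (Illustrative scheme assumed for this example.)
func splitKey(dataKey []byte) (customerShare, providerShare []byte, err error) {
	providerShare, err = randomBytes(len(dataKey))
	if err != nil {
		return nil, nil, err
	}
	customerShare = make([]byte, len(dataKey))
	for i := range dataKey {
		customerShare[i] = dataKey[i] ^ providerShare[i]
	}
	return customerShare, providerShare, nil
}

// joinKey recombines the two shares into the data key.
func joinKey(a, b []byte) ([]byte, error) {
	if len(a) != len(b) {
		return nil, errors.New("share length mismatch")
	}
	key := make([]byte, len(a))
	for i := range a {
		key[i] = a[i] ^ b[i]
	}
	return key, nil
}

// encrypt seals plaintext with AES-256-GCM; the result is nonce || ciphertext.
func encrypt(key, plaintext []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce, err := randomBytes(gcm.NonceSize())
	if err != nil {
		return nil, err
	}
	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

// decrypt opens nonce || ciphertext; GCM authentication fails for a wrong key.
func decrypt(key, sealed []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ns := gcm.NonceSize()
	if len(sealed) < ns {
		return nil, errors.New("ciphertext too short")
	}
	return gcm.Open(nil, sealed[:ns], sealed[ns:], nil)
}

func main() {
	// Constructed tenant record for the demonstration, not real data.
	record := []byte("tenant-A: customer list (constructed sample)")

	dataKey, _ := randomBytes(32) // per-tenant AES-256 key
	customerShare, providerShare, _ := splitKey(dataKey)
	sealed, _ := encrypt(dataKey, record)

	// Provider alone: its share is just a random key, so AES-GCM rejects it.
	if _, err := decrypt(providerShare, sealed); err != nil {
		fmt.Println("provider share alone cannot decrypt:", err)
	}

	// Customer presents its share; the shares are joined only for this operation.
	key, _ := joinKey(customerShare, providerShare)
	plain, err := decrypt(key, sealed)
	fmt.Println("joined shares decrypt:", err == nil && string(plain) == string(record))
}
```

The point the example makes is the one the article states: the provider holds the ciphertext and half of the key material, which is enough to run the service but not enough to read the data. In a real deployment the joined key would live only in the memory of the appliance for the duration of an I/O operation, and the customer share would be delivered over an authenticated channel.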

Summary

The flexibility of modern virtualization environments is often presented as a security challenge, but with the right technology it can actually enhance security and give users greater control over their data, without the hassle of managing it themselves.

Gilad Parann-Nissany, Founder and CEO at Porticor, is a pioneer of Cloud Computing. He has built SaaS Clouds for medium and small enterprises at SAP (as CTO Small Business), contributing to several SAP products and reaching more than 8 million users. More recently he created a consumer Cloud at G.ho.st, a cloud operating system that delighted hundreds of thousands of users while providing browser-based and mobile access to data, people and a variety of cloud-based applications. He is now CEO of Porticor, a leader in Virtual Privacy and Cloud Security.
